ACS2012
asked on
VPN not working with TMG 2010
Dear All,
I have a TMG 2010 standalone array (2 servers) and I configured the VPN. When I try to connect using the VPN, it works fine and I can connect, but I still can't see anything in my network.
When I checked TMG, I found the attached error.
I have attached the network configuration of my TMG servers and the route print.
What do I have to do to make them work?
Thanks
route-print.JPG
IP-for-VPN-in-TMG.JPG
Internal-Addresses.JPG
error.JPG
Try to create a DNS rule on both sides of your TMG that allows: source internal LAN + localhost + vpnsite1 to connect to the destination of your VPN site2, and vice versa.
ASKER
Hi emadallan,
How can I do that?
Is there a requirement to add a static route for the VPN IP range?
No, it's not a problem of a static route. Just open your TMG console and add a firewall rule that allows the DNS and SMB (in case you want to access shared files) protocols on both sides of TMG.
This is a URL that describes the principles of creating firewall rules; then you specify the protocols you want:
http://retrohack.com/let-me-out-configuring-outbound-access-rules-in-tmg-2010/
ASKER
I already have a rule to allow everything between internal and VPN users.
Even if you have an everything rule, it will not work!! So create a specific rule as mentioned and set its priority before the everything rule!!
ASKER
You could try looking at the session with TMG logging; monitor for the username in question - Clientusername.
Another thing: do the other routers know about the TMG VPN users' network 172.16.105.1 - .125?
ASKER
Now the VPN works without error in the TMG; I can connect via the VPN and I can see my connection in the TMG server.
But I'm facing a problem: I can't access anything in my network.
I checked the IP taken via the VPN; it's the same as from the list which I specified in the VPN configuration.